According to Cheetah Mobile Security Lab researchers, this Trojan was developed by Chinese hackers. They base this on the Trojan code, the location of the malware server, and the fact that the devices were manufactured by Chinese companies. The researchers also posted reviews from many customers who purchased these cheap Android tablets from online marketplaces like Amazon.
The researchers further found that an attacker can remotely control these infected tablets. The number of infected tablets delivered is believed to be around 17,233, but a large number have already been shipped by Amazon and other online marketplaces.
Cloudsota-infected devices redirect to strange ad pages, automatically remove anti-virus apps, and change the user's default home page. Because the Trojan has root permission, it is restored automatically after the device is rebooted. So, in practice, users cannot remove this Trojan from their devices.
The United States, Mexico and Turkey are the countries to which these tablets with the pre-installed Trojan have been shipped. According to the Cheetah Mobile research team, tablets with no brand name are believed to be highly affected. There are around 30 brands which are also infected with the Cloudsota Trojan, but the severity level is pretty low.
Amazon and other online marketplaces are still selling these infected tablets. So, people should avoid ordering any unbranded or low-priced tablets from these marketplaces for now. Some Android tablet brands which are believed to be infected with the Cloudsota Trojan are JYJ 7, JEJA 7 Zoll, FUSION5, Alldaymall Tablet, Yuntab SZ Wave, and Tagital.
All of these infected tablets are manufactured by Chinese manufacturers, who didn't even respond to the Cheetah Mobile Security Lab when it suggested that they analyze their firmware. This is not the first time an Android device has been sold with a pre-installed Trojan. People in Asia and Africa have been targeted before by the same type of campaign.